wafful.org - Web Security Blog
Yet Another Web Application Firewall Project - mod_imagefight and mod_wafful. (TAKESAKO @ Cybozu Labs)
2009-02-25T10:37:13Z
http://wafful.org/feed/atom/

302 Moved Temporarily
takesako (http://wafful.org/), 2009-02-25T10:36:25Z
http://wafful.org/2009/02/25/302-moved-temporarily/

http://tinyurl.com/302MovedTemporarily (in Japanese).

HTML 2.0 - Browser detection [3]
takesako, 2007-10-01T07:58:29Z
http://wafful.org/2007/10/01/html-20-browser-detection-3/

A new browser detection technique that uses only HTML 2.0, without any JavaScript/CSS hacks.

HTML 2.0 - Browser detection [3]

It can detect Firefox 2.0, Firefox 1.5, other Gecko-based browsers, Safari 2, Safari 3, Opera, IE, w3m, Lynx, and other browsers.

html20hacks-snapshot.png


Yet Another Browser detection : HTML Slash Quote 2.0
takesako, 2007-09-28T09:02:21Z
http://wafful.org/2007/09/28/yet-another-browser-detection-html-slash-quote-20/

HTML Slash Quote 2.0 is a new browser detection technique that needs no JavaScript/CSS/Binary.

demo:

Browser detection[2] : HTML Slash Quote 2.0

HTML source

<img
 /''src="firefox.gif"
 /""src="sleipnir_gecko.gif"
   "src="safari.gif"
  ""src="konqueror.gif"
   /src="ie.gif"
    src="opera.gif"
    src="lynx.gif"
>

Example (lynx view)

browse2-lynx.png

Bibliography (thanks)

  1. http://d.hatena.ne.jp/hoshikuzu/20070925#p1 (in Japanese)
  2. http://d.hatena.ne.jp/hasegawayosuke/20070928/p1 (in Japanese)

New Browser detection : Web 2.0 HTML Hacks
takesako, 2007-09-27T14:13:43Z
http://wafful.org/2007/09/27/new-browser-detection-web-20-html-hacks/

A new browser detection technique that uses only HTML 2.0, without any JavaScript/CSS hacks.

Demo:

Browser detection : HTML 2.0 only (demo)

htmldump.gif

Example

perl -e 'print<<EOF
<img x=` s\x00rc="safari2.gif" ` sr\x00c="ie.gif"
         src\x00="webkit.gif"    src\x0c="opera.gif"
         src="gecko.gif"         src="lynx.gif"   />
EOF'

html20hacks-snapshot.png

PHP code in GIF image file
takesako, 2007-08-03T18:24:41Z
http://wafful.org/2007/08/04/php-code-in-gif-image-file/

Recently it was reported that image files with PHP attack code embedded in them were discovered on a major hosting site.

PHP code for an RFI (remote file inclusion) attack can be embedded in GIF, PNG, JPEG, and other image files.

PHP code in GIF image file (sample)

phpinfo.gif

phpinfo-gif-dump.png  

include.php

<h1>PHP/GIF include demo</h1>
<?php
include("./phpinfo.gif");
?>

Result

phpinfo-gif-include.png 
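
A defensive check for the case shown above, as an added example that is not from the original post: it identifies an upload by its image magic number and still searches the body for PHP opening tags, because include() runs any PHP it finds regardless of the GIF header. The function names, the confidence levels and the sample GIF bytes are assumptions constructed for illustration.

```python
import re

# Magic numbers of the image types named in the post.
MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif",
         b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg"}

# PHP opening tags. A bare "<?" only opens PHP when short_open_tag is on and
# can also occur by chance in binary data, so it is reported as "low".
TAGS = [
    (re.compile(rb"<\?php", re.I), "<?php", "high"),
    (re.compile(rb"<\?="), "<?=", "high"),
    (re.compile(rb"<\?(?!php|=)", re.I), "<?", "low"),
]

def image_type(data):
    """Return the image type implied by the leading magic bytes, or None."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None

def find_php_tags(data):
    """Return sorted (offset, tag, confidence) for every PHP opening tag."""
    hits = []
    for pattern, label, confidence in TAGS:
        hits += [(m.start(), label, confidence) for m in pattern.finditer(data)]
    return sorted(hits)

def check_upload(data):
    """Decide on an upload: a valid image header does not make the body safe."""
    kind, hits = image_type(data), find_php_tags(data)
    if kind is None:
        verdict = "reject: not a known image type"
    elif any(conf == "high" for _, _, conf in hits):
        verdict = "reject: PHP opening tag inside image"
    elif hits:
        verdict = "review: possible short open tag"
    else:
        verdict = "accept"
    return kind, verdict, hits

def make_gif(comment=b""):
    """Constructed sample: 1x1 GIF89a, optionally with a comment extension."""
    data = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00"
    if comment:
        data += b"\x21\xfe" + bytes([len(comment)]) + comment + b"\x00"
    return data + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x4c\x01\x00\x3b"

if __name__ == "__main__":
    for sample in (make_gif(), make_gif(b"<?php phpinfo(); ?>")):
        print(check_upload(sample))
```

Content scanning is a second line of defence; the include.php pattern itself is avoided by never passing uploaded or user-controlled paths to include().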
